diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-08 12:12:51 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-09-10 19:23:53 +0000 |
commit | 577a2900bd7628f010a514b81e1eb645e03ceda7 (patch) | |
tree | fe25ab258d81369bddbbbf6e61348417663f8a47 /board/cr50 | |
parent | 77d80437e4fc4c8a49f330471fb32a6e78749922 (diff) | |
download | chrome-ec-577a2900bd7628f010a514b81e1eb645e03ceda7.tar.gz |
cr50: consolidate FIPS module sources under board/cr50/dcrypto
To simplify identification of FIPS module boundary, move all sources
into same place.
BUG=b:134594373
TEST=make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I6acd12d12c00a3362041914bd515534f72a08ab2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3150057
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'board/cr50')
-rw-r--r-- | board/cr50/build.mk | 6 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips.c (renamed from board/cr50/fips.c) | 0 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips.h (renamed from board/cr50/fips.h) | 0 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips_rand.c (renamed from board/cr50/fips_rand.c) | 0 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips_rand.h (renamed from board/cr50/fips_rand.h) | 0 | ||||
-rw-r--r-- | board/cr50/dcrypto/u2f.c (renamed from board/cr50/u2f.c) | 0 | ||||
-rw-r--r-- | board/cr50/dcrypto/u2f_impl.h | 229 |
7 files changed, 232 insertions, 3 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk index f9401b9527..4576e30c0e 100644 --- a/board/cr50/build.mk +++ b/board/cr50/build.mk @@ -81,9 +81,9 @@ board-${CONFIG_USB_I2C} += usb_i2c.o board-y += recovery_button.o fips-y= -fips-y += fips.o -fips-y += fips_rand.o -fips-$(CONFIG_U2F) += u2f.o +fips-y += dcrypto/fips.o +fips-y += dcrypto/fips_rand.o +fips-$(CONFIG_U2F) += dcrypto/u2f.o fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/aes.o fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/app_cipher.o fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/app_key.o diff --git a/board/cr50/fips.c b/board/cr50/dcrypto/fips.c index 349117d49b..349117d49b 100644 --- a/board/cr50/fips.c +++ b/board/cr50/dcrypto/fips.c diff --git a/board/cr50/fips.h b/board/cr50/dcrypto/fips.h index 52d8ec68c6..52d8ec68c6 100644 --- a/board/cr50/fips.h +++ b/board/cr50/dcrypto/fips.h diff --git a/board/cr50/fips_rand.c b/board/cr50/dcrypto/fips_rand.c index 926af66f96..926af66f96 100644 --- a/board/cr50/fips_rand.c +++ b/board/cr50/dcrypto/fips_rand.c diff --git a/board/cr50/fips_rand.h b/board/cr50/dcrypto/fips_rand.h index dca1f473bf..dca1f473bf 100644 --- a/board/cr50/fips_rand.h +++ b/board/cr50/dcrypto/fips_rand.h diff --git a/board/cr50/u2f.c b/board/cr50/dcrypto/u2f.c index 9f987fbd64..9f987fbd64 100644 --- a/board/cr50/u2f.c +++ b/board/cr50/dcrypto/u2f.c diff --git a/board/cr50/dcrypto/u2f_impl.h b/board/cr50/dcrypto/u2f_impl.h new file mode 100644 index 0000000000..7f0f10ef36 --- /dev/null +++ b/board/cr50/dcrypto/u2f_impl.h @@ -0,0 +1,229 @@ +/* Copyright 2017 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +/* U2F implementation-specific callbacks and parameters. */ + +#ifndef __CROS_EC_U2F_IMPL_H +#define __CROS_EC_U2F_IMPL_H + +#include "common.h" +#include "dcrypto.h" +#include "u2f.h" + +/* ---- platform cryptography hooks ---- */ + +/* ---- non-volatile U2F state, shared with common code ---- */ +struct u2f_state { + /* G2F key gen seed. */ + uint32_t salt[8]; + /* HMAC key for U2F key handle authentication. */ + uint32_t hmac_key[SHA256_DIGEST_SIZE / sizeof(uint32_t)]; + /* Stored DRBG entropy. */ + uint32_t drbg_entropy[16]; + size_t drbg_entropy_size; +}; + +/* Make sure common declaration is compatible. */ +BUILD_ASSERT(U2F_EC_KEY_SIZE == P256_NBYTES); +BUILD_ASSERT(sizeof(struct u2f_ec_point) == U2F_EC_POINT_SIZE); + +BUILD_ASSERT(sizeof(struct u2f_key_handle_v0) <= U2F_MAX_KH_SIZE); +BUILD_ASSERT(sizeof(struct u2f_key_handle_v0) == U2F_V0_KH_SIZE); + +BUILD_ASSERT(sizeof(struct u2f_key_handle_v1) <= U2F_MAX_KH_SIZE); +BUILD_ASSERT(sizeof(struct u2f_key_handle_v1) == U2F_V1_KH_SIZE); + + +BUILD_ASSERT(sizeof(union u2f_key_handle_variant) <= U2F_MAX_KH_SIZE); + +/** + * Create or update DRBG entropy in U2F state. Used when changing ownership + * to cryptographically discard previously generated keys. + * + * @param state u2f state to update + * + * @return EC_SUCCESS if successful + */ +enum ec_error_list u2f_generate_drbg_entropy(struct u2f_state *state); + +/** + * Create or update HMAC key in U2F state. Used when changing ownership to + * cryptographically discard previously generated keys. + * + * @param state u2f state to update + * + * @return EC_SUCCESS if successful + */ +enum ec_error_list u2f_generate_hmac_key(struct u2f_state *state); + +/** + * Create or update G2F secret in U2F state. + * + * @param state u2f state to update + * + * @return EC_SUCCESS if successful + */ +enum ec_error_list u2f_generate_g2f_secret(struct u2f_state *state); + +/** + * Create a randomized key handle for specified origin, user secret. + * Generate associated signing key. + * + * @param state initialized u2f state + * @param origin pointer to origin id + * @param user pointer to user secret + * @param authTimeSecretHash authentication time secret + * @param kh output key handle header + * @param kh_version - key handle version to generate + * @param pubKey - generated public key + * + * @return EC_SUCCESS if successful + */ +enum ec_error_list u2f_generate(const struct u2f_state *state, + const uint8_t *user, const uint8_t *origin, + const uint8_t *authTimeSecretHash, + union u2f_key_handle_variant *kh, + uint8_t kh_version, + struct u2f_ec_point *pubKey); + +/** + * Create a randomized key handle for specified origin, user secret. + * Generate associated signing key. + * + * @param state initialized u2f state + * @param kh output key handle header + * @param kh_version - key handle version to generate + * @param origin pointer to origin id + * @param user pointer to user secret + * @param authTimeSecretHash pointer to user's authentication secret. + * can be set to NULL if authorization_hmac check is not needed. + * @param r - generated part of signature + * @param s - generated part of signature + * + * @return EC_SUCCESS if a valid key pair was created + * EC_ACCESS_DENIED if key handle can't authenticated + */ +enum ec_error_list u2f_sign(const struct u2f_state *state, + const union u2f_key_handle_variant *kh, + uint8_t kh_version, const uint8_t *user, + const uint8_t *origin, + const uint8_t *authTimeSecretHash, + const uint8_t *hash, struct u2f_signature *sig); + +/** + * Verify that key handle matches provided origin, user and user's + * authentication secret and was created on this device (signed with + * U2F state HMAC key). + * + * @param state initialized u2f state + * @param kh input key handle + * @param kh_version - key handle version to verify + * @param user pointer to user secret + * @param origin pointer to origin id + * @param authTimeSecretHash pointer to user's authentication secret. + * can be set to NULL if authorization_hmac check is not needed. + * + * @return EC_SUCCESS if handle can be authenticated + */ +enum ec_error_list u2f_authorize_keyhandle(const struct u2f_state *state, + const union u2f_key_handle_variant *kh, + uint8_t kh_version, const uint8_t *user, + const uint8_t *origin, + const uint8_t *authTimeSecretHash); + +/** + * Gets the x509 certificate for the attestation key pair returned + * by g2f_individual_keypair(). + * + * @param state U2F state parameters + * @param serial Device serial number + * @param buf pointer to a buffer that must be at least + * + * G2F_ATTESTATION_CERT_MAX_LEN bytes. + * @return size of certificate written to buf, 0 on error. + */ +size_t g2f_attestation_cert_serial(const struct u2f_state *state, + const uint8_t *serial, uint8_t *buf); + +/** + * Verify that provided key handle and public key match. + * @param state U2F state parameters + * @param key_handle key handle + * @param kh_version key handle version (0 - legacy, 1 - versioned) + * @param user pointer to user secret + * @param origin pointer to origin id + * @param authTimeSecretHash pointer to user's authentication secret. + * can be set to NULL if authorization_hmac check is not needed. + * @param public_key pointer to public key point (big endian) + * @param data data to sign + * @param data_size data size in bytes + * + * @param r part of generated signature + * @param s part of generated signature + * + * @return EC_SUCCESS if public key matches key handle, + * (r,s) set to valid signature + * EC_ACCESS_DENIED if key handle can't authenticated + */ +enum ec_error_list u2f_attest(const struct u2f_state *state, + const union u2f_key_handle_variant *kh, + uint8_t kh_version, const uint8_t *user, + const uint8_t *origin, + const uint8_t *authTimeSecretHash, + const struct u2f_ec_point *public_key, + const uint8_t *data, size_t data_size, + struct u2f_signature *sig); + + +/** + * + * Board U2F key management part implemented. + * + */ + +/** + * Get the current u2f state from the board. + * + * @return pointer to static state if successful, NULL otherwise + */ +struct u2f_state *u2f_get_state(void); + +/** + * Try to load U2F keys or create if failed. + * + * @param state - buffer for state to load/create + * @param force_create - if true, always create all keys + * + * @return true if state is properly initialized and will persist in flash. + */ +bool u2f_load_or_create_state(struct u2f_state *state, bool force_create); + +/*** + * Generates and persists to nvram a new seed that will be used to + * derive kek in future calls to u2f_gen_kek(). + * + * @param commit whether to commit nvram changes before returning. + * @return EC_SUCCESS if seed was successfully created + * (and persisted if requested). + */ +enum ec_error_list u2f_gen_kek_seed(int commit); + +/** + * Zeroize U2F keys. Can be used to switch to FIPS-compliant path by + * destroying old keys. + * + * @return true if state is properly initialized and will persist in flash. + */ +enum ec_error_list u2f_zeroize_keys(void); + +/** + * Update keys to a newer (FIPS-compliant) version if needed. Do nothing if + * keys are already updated. + * + * @return EC_SUCCESS or error code. + */ +enum ec_error_list u2f_update_keys(void); + +#endif /* __CROS_EC_U2F_IMPL_H */ |